
Topics
- Key concepts
- CloudFormation
Key concepts
- CloudFormation
- Automation: The use of software to create repeatable instructions and processes to replace or reduce human interaction with IT systems
- Cloud Governance: The people, process, and technology associated with your cloud infrastructure, security, and operations. It involves a framework with a set of policies and standard practices
- Infrastructure as Code: The process of managing and provisioning computer resources through human and machine-readable definition files, rather than physical hardware configuration or interactive configuration tools like the AWS console
- IT Audit: The examination and evaluation of an organization’s information technology infrastructure, policies and operations
CloudFormation
- CloudFormation is a AWS service for create infrastructure as code.
- it’s a yaml file
How to start with CloudFormation
- Services -> CloudFormation
- Create stack “With new resources (standard)”
- Template is ready
- Upload a template file
- Click “Choose file” button
- Select provided YAML file
- Next
CloudFormation Template sections
- Format version
- Decsription
- Parameters
- Resources
- Outputs
Each AWS Account has its own AWS Identity & Access Management (IAM) Service.
If you know Azure
On Microsoft Azure, we have a Subscription. The AWS Account can be equivalent to the Azure Subscription. With a difference. Each AWS Account can have its own IAM Users but in Azure, we have a central IAM Service, called Azure Active Directory (AAD).
Each above-called service is a huge topic but we don’t do a deep dive right now.
The AWS IAM User can be used
- Only for CLI purposes. This user can’t log in to the AWS Portal.
- Only for working with the AWS Portal. This user can’t be used for CLI.
- Both purposes. This user can be used to log in to the AWS Portal and CLI.
Pipeline User
The first question is why do we need a Pipeline User?
- Automated deployment (CI/CD) pipeline and prevent manual or per-click deployment.
- We can only grant the pipeline user for some specific permissions and audit the logs of this user.
This user can work with AWS Services only via CLI. Therefore it has an Access Key ID and a Key Secret.
If you know Azure
It’s used like a Service Principal, that you have a client-id and client-secret.
IAM User
Description and video come soon

Resources
You owe your dreams your courage.
Koleka Putuma
One thought on “AWS : Infrastructure Deployment”